[anti-abuse-wg] survey ?
Richard Cox richard.cox at btuser.net
Fri Mar 6 15:48:26 CET 2009
On Fri, 6 Mar 2009 Frank Gadegast <ripe-anti-spam-wg at powerweb.de> wrote: > Some of them are being elected and do the job. And you can vote for > somebody else, when you dont like, what they are doing. Well, yes. But RIPE is not a democracy, even if it makes its internal decisions by democratic means. If RIPE was a democracy, every internet user in the RIPE service region would be able to elect representatives, but that is not what happens. Decisions are made by RIPE members who are mostly network operators. The fees required for membership are beyond the means of (most) individual net users. RIPE therefore acts in the interests of its members, who are mostly Network Operators, and not in the interests of end users unless they overlap. End users want to get all spam and abuse stopped. Network Operators do not (mostly) want to expend the resources that would be needed to achieve this. So it follows that they are unlikely to support any proposal for a RIPE policy that imposes any greater duties on them. > The abuse-field is not mandatory. There are no regulations in RIPE > membership contracts, that members are responsible for abuse they > cause. But thats, what RIPE has to do to stop abuse. The abuse-field is indeed not mandatory. I would prefer to have the abuse-field voluntary so that everyone could see which networks were not willing to handle abuse issues, rather than have networks forced to stipulate an abuse address that is then set to permanent ignore. If networks want to handle abuse issues properly they will provide an abuse address in the appropriate field (and in a few other important places as well). Making the abuse-field mandatory will not stop any abuse. It will not force any network operators to take any action to stop abuse. > This workgroup is absolutely useless, if there is no interest or > consense between all members, because there are members, that will > block all regulations against abuse, because they make profit with > spam or are not willing to invest time and money to protect the > internet. If it was useless I would not be here. I agree that it has not been particularly productive in the past, and both Brian and I (as the new co-chairs) are trying to focus on the issues that need most attention. > So what now ? Will this group generate a recommendation soon? Ever? I am sure that we will. We need to cohere more effectively first. > A test: > ------------------------------------------------------------------ > everybody on this list, should simply reply now > > ( ) I want RIPE to have regulations against abuse > ( ) I want RIPE to take consequences against spam friendly members > ------------------------------------------------------------------ I first want RIPE to be _able_ to do both of those. The problem is that the structure of RIPE does not currently enable RIPE to operate that way. Because RIPE is the issuer of IP etc resources it is only too easy to fall into the trap of thinking that RIPE can impose rules. It cannot. But it can - and should - make recommendations on matters like this. A simple analogy: We would like to fly to Barbados. But we do not yet have an airport. A common misunderstanding is that the Internet is automatically unique. It is only unique because nobody has yet created a second internet. The internet as we know it is a collection of networks that interconnect with each other by means of peering points and transit providers. Nobody can mandate how each network connects to another (leaving aside national and European regulations on telecomms licensing and competition policy) so any network can use any protocol, any IP or AS numbering it chooses as long as it works for them. They break no laws by doing that, although most networks agree to follow a common numbering scheme as established by IANA through the RIRs. A good example is the fact that some networks use IP addresses in 220.127.116.11/16 and rely on NAT to prevent those addresses being visible to their peers and upstreams. They "should" use 192.168.0.0/16 or one of the other IP ranges in RFC1918, but nobody can force them to change. And from time to time networks using that range encounter difficulties. I'm pointing this out because as IP4 resources exhaust, we are likely to see an increase in the abuse involving the use of IP ranges by people to whom they are not allocated. RIPE cannot do much about that, except by persuasion. As far as I can see, the only people that can prevent the inappropriate use of IP ranges and AS numbers, are the transit providers. As things stand, RIPE is the most abuse-friendly out of all the RIRs. That's not by intention, but by the fact that it gives more autonomy to individual LIRs that any of the other RIRs. LIRs are effectively resellers - their decision on whether a customer for IP resources is who they claim to be, etc, is normally accepted without question. So we see far more RIPE IP ranges appearing (and mostly used for abuse) in places outside the RIPE service area, that we see ARIN etc ranges inside the RIPE service area. So in summary I believe our most urgent duty is to make recommendations to RIPE that identify specific RIPE policies (or proposals) which have side-effects that either facilitate abuse or make it difficult to track who is responsible for the abuse. -- Richard The above is, of course, just my personal viewpoint.